How to Use SSH with Linux on Azure

The current version of the Azure Management Portal only accepts SSH public keys that are encapsulated in an X509 certificate. Follow the steps below to generate and use SSH keys with Azure.

Generate Windows Azure Compatible Keys in Linux

Install the openssl utility if needed:

CentOS / Oracle Linux

# sudo yum install openssl

Ubuntu

# sudo apt-get install openssl

SLES & openSUSE

# sudo zypper install openssl

Use openssl to generate an X509 certificate with a 2048-bit RSA keypair. Answer the few questions that openssl prompts for (or leave them blank). The content of these fields is not used by the platform:

Upload the myCert.pem while creating the Linux virtual machine. The provisioning process will automatically install the public key in this certificate into the authorized_keys file for the specified user in the virtual machine.

If you are going to use the API directly, and not use the Management Portal, convert the myCert.pem to myCert.cer (DER encoded X509 certificate) using the following command:

# openssl x509 -outform der -in myCert.pem -out myCert.cer

Generate a Key from an Existing OpenSSH Compatible Key

The previous example describes how to create a new key for use with Windows Azure. In some cases you may already have an existing OpenSSH compatible public & private key pair and wish to use the same keys with Windows Azure.

OpenSSH private keys are directly readable by the openssl utility. The following command will take an existing SSH private key (id_rsa in the example below) and create the .pem public key that is needed for Windows Azure:

The myCert.pem file is the public key that may then be used to provision a Linux virtual machine on Windows Azure. During provisioning the .pem file will be translated into an OpenSSH-compatible public key and placed in ~/.ssh/authorized_keys.
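
The two procedures above (a new key pair with its certificate, and a certificate wrapped around an existing private key), as an added example that is not part of the original page. The file names myPrivateKey.key, myCert.pem and id_rsa come from the text; the function names, the -subj value and the 365-day validity are assumptions.

```shell
# Added example. The -subj value and the 365-day validity are placeholders
# (assumptions); the page states the platform ignores the subject fields.

# New 2048-bit RSA key pair plus self-signed X509 certificate.
# $1 = private key output file, $2 = certificate output file
new_azure_cert() {
    ( umask 077   # private key file is created readable by its owner only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=azure-ssh-example" -keyout "$1" -out "$2" )
}

# Certificate wrapped around an existing PEM-format private key (e.g. id_rsa).
# $1 = existing private key, $2 = certificate output file
cert_from_existing_key() {
    openssl req -x509 -new -key "$1" -days 365 \
        -subj "/CN=azure-ssh-example" -out "$2"
}

# SHA-256 of the DER-encoded public key inside a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the DER-encoded public key derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if the certificate carries the public half of the private
# key, i.e. uploading this certificate authorizes logins with that key.
# $1 = certificate, $2 = private key
cert_matches_key() {
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Pre-upload check: the file must not contain private key material.
is_public_only() {
    ! grep -q "PRIVATE KEY" "$1"
}
```

openssl reads only PEM-format private keys; a key stored in the newer OpenSSH private key format (first line "BEGIN OPENSSH PRIVATE KEY") has to be converted first, for example with ssh-keygen -p -m PEM -f id_rsa, which rewrites the file in place.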

Connect to a Windows Azure Virtual Machine from Linux

In some cases the SSH endpoint for a Linux virtual machine may be configured for a port other than the default port 22. You can find the correct port number on the Dashboard for the VM in the Management Portal (under "SSH Details").

Connect to the Linux virtual machine using ssh. You will be prompted to accept the fingerprint of the host's public key the first time you log in.

# ssh -i myPrivateKey.key -p <port> username@servicename.cloudapp.net

(Optional) You may copy myPrivateKey.key to ~/.ssh/id_rsa so that your OpenSSH client can automatically pick this up without the use of the -i option.